Ars Technica is reporting on a new attack against HTTPS. Called FREAK, the devices reported as vulnerable include iPhones, Android devices, and Macs running OS X. The attack (as I understand it) is ...

I just turned my server off yesterday, after it began to distribute comment spam across the internet, at an astounding rate over 70 "spams"/min, bottom of the line 1/2 gig ram VPS. I'm still trying to ...

I posted this question (Hacked or Ghost Referers) on Google groups earlier today, but I also wanted to see if the security experts here have any insight into this behavior.
I've got a web application ...

I am confused about this concept if a public IP is assigned to my router and my system has private IP address, how an attacker can access my system or can use my system as a BOT.
Its a common scenario ...

I was wandering at superuser and I found this question: Compress and then encrypt, or vice-versa?
Nearly all files have a Magic Number at a certain position in them. So, I wonder if I can attack (to ...

I am relatively new to the area of cyber security but have a reasonable knowledge of several programming languages, assembly (x86 in particular) and scripting. In light of the recent Shellshock and ...

This is MITRE's powerpoint presentation version of their report:
http://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
Page 54 is a straight pull from HP ...

Theoretically...
In Active attacks we have "modification attack"...ie
"In a message modification attack, an intruder alters packet header addresses to direct a message to a different destination or ...

1.If an user knows the frequency used by a wireless network, is he able to collect the packets from that network? Those packets may be encrypted, but can
he collect those packets?
2.If the user has ...

Let's say I am browsing the Internet using Tor - visiting https://example.com/login.php - and the NSA is operating the Tor exit node which I am currently routed to use.
Can that NSA exit relay swap ...

Google is a repository of Internet data, as it indexes tremendous amount of data. It uses a prediction service to determine the rest of the search query.
With such a huge repository in place, can we ...

I have been reading about IDN homograph attacks, and I cannot think of any better way than
Tell my users not to trust emails asking for passwords, etc
Buy all domains similar to mine (expensive and ...

I am using windows server 2008 R2 and I have lot of customers who use windows XP,7 and 8 with some of them still using IE6. So now I want to disable SSL3 and enable TLS 1.1 as a security measure for ...

Assuming a global, resourceful man in the middle, is it possible to
Securely communicate (I don't mean storing encrypted data off site)
completely establishing and sending messages over the internet ...

I administrate a public server that receives about a 100 csh HTTP shell shock per day from different sources. It is an HTTP GET Method that that requests the /cgi-bin/authLogin.cgi URI.
Knowing that ...

I have uploaded a screenshot of what exactly is going on, here: http://i.imgur.com/bJSv7C8.png
I can see that single-crack mode includes a rule that looks at the username, and "slices" it to identify ...

My server has been the target from hackers 3 times in the last month, and the attack seem to follow the same pattern. The attack another site from my server using UDP connection. The report from my ...

I am writing a novel in which a researcher attempts to work against a study he is a part of by purposely sabotaging operations on the research compound. I am wondering if the following is plausible.
...